[RESOLU]Infection rogue trojean adware EOREZO

[papyreunion]

Bonjour,

 

pc sous win7 Avast Mozilla ccleaner glary utilities

 

infection par ROGUE EOREZO Scan de Malwarebytes( ci _ joint) supprimer par malwarebytes. Mais je n'avais plus de pilote pour touchpad, ( installé depuis) maintenant je n'ai plus accès à la propriété du système sauf par panneau de configuration . J'ai fait un scan de AD REMOVE(joint) faut il nettoyer ou c'est ok.Merci

j'ai découvert EOJET 1.1. qui fait partie de EOREZO désinstallé avec revo.

 

 

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Version de la base de données: 911122308

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

23/12/2011 19:03:15

mbam-log-2011-12-23 (19-03-15).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 182386

Temps écoulé: 2 minute(s), 49 seconde(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 10

Fichier(s) infecté(s): 9

 

Processus mémoire infecté(s):

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\softwareupdatehp.exe (Trojan.Eorezo) -> 2312 -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SoftwareHelper (Trojan.Eorezo) -> Value: SoftwareHelper -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Value: eorezo -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

c:\program files (x86)\eoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Download (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Download\itsTV (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Download\itsTV\4.0.0.1801803 (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Software (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Software\sufr (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Software\sufr\4.0.0.3563563 (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\local settings\application data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\softwareupdatehp.exe (Trojan.Eorezo) -> Quarantined and deleted successfully.

c:\program files (x86)\eoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.

c:\program files (x86)\eoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\engineuninstallhelper.exe (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\help_config.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\softwareupdate.exe (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\user_config.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\user_profil.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.

c:\Users\david\AppData\Roaming\EoRezo\EoRezo\Software\sufr\4.0.0.3563563\fus.exe (Adware.EoRezo) -> Quarantined and deleted successfully.

 

 

AD-remove : ======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF

 

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:09:25 le 24/12/2011, Mode normal

 

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)

david@DAVID-PC (Packard Bell EasyNote LM85)

 

============== RECHERCHE ==============

 

 

 

Clé trouvée: HKLM\Software\Classes\SearchBar.Client

Clé trouvée: HKCU\Software\Conduit

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

 

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [9.0.1 (fr)] ****

 

HKLM_MozillaPlugins\Adobe Reader (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

 

-- C:\Users\david\AppData\Roaming\Mozilla\FireFox\Profiles\w9l8qu7m.default --

Extensions\[email protected] (Menu Contextuel Orange)

Extensions\[email protected] (barre d'outils Orange)

Searchplugins\orange.xml (?)

User.js - browser.search.selectedEngine, Orange

User.js - keyword.URL, hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=

Prefs.js - browser.search.selectedEngine, Orange

Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ig

Prefs.js - browser.startup.homepage_override.buildID, 20111220165912

Prefs.js - browser.startup.homepage_override.mstone, rv:9.0.1

Prefs.js - keyword.URL, hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=

 

========================================

 

**** Internet Explorer Version [9.0.8112.16421] ****

 

HKCU_Main|Default_Page_URL - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lm85&r=27361110p5b6l0480z165f4691d345

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKCU_Main|Start Page - hxxp://www.google.fr/ig?hl=fr

HKLM_Main|Default_Page_URL - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lm85&r=27361110p5b6l0480z165f4691d345

HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&m=easynote_lm85&r=27361110p5b6l0480z165f4691d345

HKCU_URLSearchHooks|{AEEC3B59-CA98-4EBA-A140-57B94E283583} (x)

HKCU_URLSearchHooks|{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} (x)

HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} (x)

HKCU_SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20} - "Orange" (hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms})

HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

HKCU_Toolbar\WebBrowser|{D3028143-6145-4318-99D3-3EDCE54A95A9} (x)

HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)

HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (x)

HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (x)

HKLM_Toolbar|{c9a6357b-25cc-4bcf-96c1-78736985d412} (x)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{08FF730A-494F-4cba-AA0B-E4F1D44715F9} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\symerr.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{53E3349C-CB17-4C6F-8B59-2C811D76B8A1} - C:\Program Files (x86)\Orange\ToolbarFR\ToolbarHelper.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

BHO\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (?)

BHO\{1d970ed5-3eda-438d-bffd-715931e2775b} (?)

BHO\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} (?)

BHO\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} (?)

BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (?)

 

========================================

 

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

 

C:\Ad-Report-SCAN[1].txt - 24/12/2011 15:09:31 (4864 Octet(s))

 

Fin à: 15:10:15, 24/12/2011

 

============== E.O.F ==============

 

Bonjour,

 

je pense avoir tout enlever concernant EOREZO, je passe en résolu.

Modifié le 25 décembre 2011 par papyreunion